CREDIT CARD SYSTEM AND METHOD



This invention relates to a credit card system and method, and more particularly, to a 
credit card system and method offering reduced potential of credit card number misuse.

The development of retail electronic commerce has been relatively slow in spite of the 
perceived demand for such trade. The single greatest deterrent to the expansion of 
retail electronic commerce is the potential for fraud. This potential for fraud has been a 
major concern for the credit card companies and financial institutions as well as the
customers and the providers of the goods and services. 

The former are concerned about fraud because essentially the financial institutions 
have to bear the initial cost of the fraud. Additionally, the credit card companies have 
an efficient credit card system which is working well for face to face transactions, i.e.,
"card present" transactions where the credit card is physically presented to a trader and 
the trader can obtain the credit card number, compare signatures and in many cases 
photographs before accepting a particular credit card. 

The latter are equally concerned about fraud, being well aware that ultimately the user
must pay for the fraud. However, there are particular personal concerns for the
consumer in that the fraudulent use of the credit card by misuse of the credit card
number by a third party may not become apparent for some time. This can happen
even if the card is still in his or her possession. Further, when fraud does occur the
consumer has the task of persuading the credit card provider that fraud by another did
indeed occur.

There is also the additional fear of being overcharged on a credit card. There are thus 
particular risks for those credit card holders who have relatively high spending limits, in 
that if fraud should occur, it may be some considerable time before it is detected. One
particular form of fraud referred to as "skimming" is particularly difficult to control. What
happens is that the card holder proffers his or her card at an establishment to make a
transaction, the relevant information is electronically and/or physically copied from the
card and the card is subsequently reproduced. This can be a particular problem with
travelers particularly during an extensive period of travel as the fraudulent card may turn 
up in other places and it may be some considerable time before the fraud is detected. 

For remote credit card use, the credit card holder has to provide details of name,
master credit card number, expiration date and address and often many other pieces of
information for verification; the storing and updating of the information is expensive but
necessary. This of itself is a considerable security risk as anybody will appreciate that
this information could be used to fraudulently charge goods and services to the card
holder's credit card account. Such fraudulent use is not limited to those people to
whom the credit card information has been given legitimately, but extends to anybody
who can illegitimately obtain such details. A major problem in relation to this form of
fraud is that the credit card may still be in the possession of the legitimate holder as
these fraudulent transactions are taking place. This is often referred to as
"compromised numbers" fraud. Indeed all this fraud needs is one dishonest staff
member, for example in a shop, hotel or restaurant, to record the credit card number. It
is thus not the same as card theft.

The current approaches to the limiting of credit card fraud are dependent on the theft of
a card being reported and elaborate verification systems whereby altered patterns of
use initiate some enquiry from the credit card company. Many users of credit cards
have no doubt received telephone calls, when their use of the card has been
exceptional, or otherwise unusual in the eyes of the organization providing the
verification services.

Thus, there have been many developments in an effort to overcome this fundamental 
problem of fraud, both in the general area of fraud for ordinary use of credit cards and 
for the particular problems associated with such remote use. 

One of the developments is the provision of smart cards which are credit card devices
containing embedded electronic circuitry that can either store information or perform
computations. Generally speaking they contribute to credit card security systems by
using some encryption system. A typical example of such a smart card is disclosed in
U.S. Patent No. 5,317,636 (Vizcaino).

Another one of the developments is the Secure Electronic Transaction (SET) protocol 
which represents the collaboration between many leading computer companies and the
credit card industry which is particularly related to electronic transmission of credit card 
details and in particular via the Internet. It provides a detailed protocol for encryption of 
credit card details and verification of participants in an electronic transaction. 

Another method that is particularly directed to the Internet is described in U.S. Patent
No. 5,715,314 (Payne et al.). U.S. Patent 5,715,314 discloses using an access
message that comprises a product identifier and an access message authenticator
based on a cryptographic key. A buyer computer sends a payment message that
identifies a particular product to a payment computer. The payment computer is
programmed to receive the payment message, to create the access message, and to
send the access message to a merchant computer. Because the access message is
tied to a particular product and a particular merchant computer, the access message
cannot be generated until the user sends the payment message to the payment
computer. Because the access message is different from existing credit card formats,
the access message is ill-suited for phone/mail orders and other traditional credit card
transactions.

There are then specific electronic transaction systems such as "Cyber Cash," "Check
Free" and "First Virtual." Unfortunately, there are perceived problems with what has
been proposed to date. Firstly, any form of reliance on encryption is a challenge to
those who will then try to break it. The manner in which access has been gained to
extremely sensitive information in Government premises would make anyone wary of
any reliance on an encryption system. Secondly, a further problem is that some of the
most secure forms of encryption system are not widely available due to government
and other security requirements. Limiting the electronic trading systems and security
systems for use to the Internet is of relatively little use. While electronic commerce is
perceived to be an area of high risk, in practice to date it is not.
Additionally, various approaches have been taken to make "card present" transactions
more attractive. For instance, Japanese Patent Publication No. Hei 6-282556 discloses
a one time credit card settlement system for use by, e.g., teenage children of credit
card holders. This system employs a credit card which can be used only once in which
various information such as specific personal information, use conditions, and an
approved credit limit identical to those of the original credit card are recorded on a data
recording element and displayed on the face of the card. The one-time credit card
contains the same member number, expiration date, card company code, and the like
as on the existing credit card, as well as a one-time credit card expiration date not exceeding
the expiration date of the credit card, available credit limit for the card, and the like. The
one-time credit card makes use of some of the same settlement means as the
conventional credit card. However, the system also requires use permission
information to be recorded on the credit card, the information permitting the credit card
to be used only once or making it impossible to use the credit card when the credit limit
has been exceeded. A special card terminal device checks the information taken from
the card for correctness and imparts use permission information for when the card is
not permitted to be used on the transmission to the credit card issuing company. The
use permission information takes the form of a punched hole on the card itself. This
system has obvious drawbacks, such as the card terminal having to be modified for
additional functions (e.g., punching holes, detecting punched holes, imparting additional
information, etc.). Also, such a system offers little additional security insofar as fraud
can still be practiced perhaps by covering the holes or otherwise replacing the
permission use information on the credit card. Further, such a system would require a
change in nearly all card terminal equipment if it were adopted.

Patent Nos. 5,627,355 and 5,478,994 (Rahman et al.) disclose another type of system
that uses a plurality of pin numbers which are added to a credit card number on an
electronic display. U.S. Patent No. 5,627,355 discloses a credit card having a memory
element containing a series of passwords in a predetermined sequence. These
passwords are identical to another sequence stored in a memory of a host control
computer. Further, the card contains a first fixed field containing an account number
(e.g., "444 222 333"). In operation, the memory element of the credit card device
provides a unique password from the sequence with each use of the credit card device.
This permits verification by comparing the account number and the password provided
with each use of the device with the account number and the next number in sequence
as indicated by the host computer. The host computer deactivates the password after
the transaction. Among the drawbacks with this type of system is the need for a power
supply, a display, a memory device, a sound generator and the need to recycle a limited
sequence of pin numbers. Such a system is not readily adapted to current credit card
transactions because it lacks the ability of providing a check sum of the card number
and cannot be read by a standard card reader. Also, if the card is lost or stolen, there
is little to prevent a person from using the card until it is reported to be lost or stolen by
the correct holder. See, also, U.S. Patent No. 5,606,614 (Brady et al.).

Other attempts have been made to make funds available to an individual, but with
limitations. For example, U.S. Patent Nos. 5,350,906 (Brady et al.) and 5,326,960
(Tannenbaum et al.) disclose issuing temporary PINs for one time or limited time and
limited credit access to an account at an ATM. These patents disclose a currency
transfer system and method for an ATM network. In this system, a main account holder
(i.e., the sponsor) sets up a subaccount that can be accessed by a non-subscriber by
presenting a fixed limit card associated with the subaccount and by entering a
password corresponding to the subaccount. Once the fixed limit is reached, the card
can no longer be used. The fixed limit card contains information on its magnetic stripe
pertaining to the sponsor account.

One of the problems with all these systems is that there are many competing
technologies and therefore there is a multiplicity of incompatible formats which will be a
deterrent to both traders and consumers. Similarly, many of these systems require
modifications of the technology used at the point of sale, which will require considerable
investment and further limit the uptake of the systems.

Many solutions have been proposed to the problem of security of credit card
transactions. However, none of them allow the use of existing credit cards and existing
credit card formats and terminal equipment. Ideally, as realized by the present
inventors, the solution would be to obtain the functionality of a credit card, while never
in fact revealing the master credit card number. Unfortunately, the only way to ensure
that master credit card numbers cannot be used fraudulently is to never transmit the
master credit card number by any direct route, i.e. phone, mail, Internet or even to print
out the master credit card number during the transaction, such as is commonly the
case at present.

According to exemplary embodiments, the present invention is directed towards 
improving the existing credit card system by providing a more secure way of using 
existing credit cards and in particular to providing an improved way of using existing 
credit cards in remote credit card transactions. The present invention is further directed 
towards providing a more secure way of using existing credit cards generally which will
not require any major modifications to existing credit card systems. It is further directed 
towards providing an improved credit card system that will be more user friendly and 
will provide customers with a greater confidence in the security of the system. 

Further the invention is directed towards providing an improved credit card system, in
one embodiment, that will not necessarily require the use of expensive and potentially
fallible encryption systems. The present invention is also directed towards providing an
improved credit card system which will enable a user to obtain the functionality of a
credit card while never revealing the master credit card number.

Further the invention is directed towards overcoming as far as possible the incidence of
skimming and compromised numbers fraud.

These and other objects of the present invention are satisfied by a first exemplary
embodiment, which pertains to a credit card technique involving: maintaining a pool of
credit card numbers which share identical formatting; assigning at least one credit card
number from the pool of credit card numbers to be a master credit card number;
assigning at least one credit card number from the pool of credit card numbers to be a
limited-use credit card number which is deactivated upon a use-triggered condition
subsequent; and associating the master credit card number with the limited-use credit
card number, while ensuring that the master credit card number cannot be discovered
on the basis of the limited-use credit card number.
The technique further comprises: receiving notification that the limited-use credit card
number has been used in a credit card transaction; determining whether a limited-use 
event has occurred based on the notification, and if so, generating a deactivation 
command; and deactivating the limited-use credit card if a limited-use event has 
occurred, based on the deactivation command which is generated upon a use-triggered 
condition subsequent. In one embodiment, the limited-use event is satisfied when the 
limited-use credit card is used only once. In another embodiment, the limited-use event 
is satisfied when the limited-use credit card is used to accrue charges which are greater 
than a prescribed monetary amount, which are greater than a prescribed frequency of 
use, and/or a combination of use frequency, individual transaction amount and total 
amount. 

In one embodiment of the invention, the additional limited-use credit card numbers are 
allocated automatically as soon as the credit card holder uses more than a preset 
amount of limited-use credit card numbers. The advantage of this is that the master 
credit card holder does not have to request the credit card numbers each time they are 
required. 

In another embodiment, a technique for performing a credit card transaction based on
one of a master credit card number and a limited-use credit card number is provided,
wherein the limited-use credit card number is randomly chosen with respect to the
master credit card number, but the limited-use credit card number includes identical
formatting to the master credit card number and is associated with the master credit
card number. The technique comprises: entering a transaction on the basis of the
master credit card number or the limited-use credit card number to generate a
transaction message; and receiving the transaction message and processing the
transaction. The step of processing the transaction includes: authorizing or denying the
transaction; determining whether to deactivate the limited-use credit card number when
the limited-use credit card number was used to perform the transaction, and generating
a deactivation command in response thereto, wherein the determining step determines
whether to deactivate the limited-use credit card number based on whether a
limited-use event pertaining to the use of the limited-use credit card number has occurred, and
if so, generates the deactivation command when the limited-use event has occurred;
and deactivating the limited-use credit card number based on the deactivation
command.

One advantage of the above-described techniques is that the credit card holder obtains
the functionality of a credit card without ever in fact revealing the master credit card
number in the course of a transaction. More specifically, according to a preferred
embodiment, there is no mathematical relationship between the limited-use credit card
number and the master credit card number. This is attributed to the fact that the
numbers are randomly selected from a queue of available limited-use credit card
numbers based upon the requests and/or needs of different customers. It is thus
virtually impossible to predict which customers are looking for numbers at any time or
how they will be allocated.

Further, the technique can use a limited-use credit card number, and hence the
possibility of compromised numbers credit card fraud may be eliminated or at least
greatly reduced. Additionally, in one embodiment of the credit card technique, a preset
credit limit, etc. is allocated. Irrespective of how the trader behaves (for example, by
fraudulently overcharging or providing additional goods) the total risk to the credit card
holder is directly related to the preset credit limit, and thereby can be minimized.

The foregoing, and other, objects, features and advantages of the present invention will
be more readily understood upon reading the following detailed description in
conjunction with the drawings in which:

Fig. 1 shows an exemplary system for implementing the present invention;

Fig. 2 shows, in high-level form, the operation of the central processing station
shown in Fig. 1;

Fig. 3 is a flow chart illustrating an exemplary process for allocating credit card
numbers;

Fig. 4 is a flow chart illustrating an exemplary process for limiting the use of a
credit card number;

Fig. 5 is a flow chart illustrating an exemplary process for distributing credit card
numbers;

Fig. 6 is a flow chart illustrating an exemplary process for electronically using
credit card numbers;

Fig. 7 is a flow chart illustrating an exemplary process for processing a
transaction;

Fig. 8 is a flow chart illustrating another exemplary process for processing a
transaction; and

Fig. 9 is a flow chart illustrating an exemplary process for using a credit card
number as a PIN number.

In this specification the term "credit card" refers to credit cards (MasterCard®, Visa®,
Diners Club®, etc.) as well as charge cards (e.g., American Express®, some
department store cards), debit cards such as usable at ATMs and many other locations
or that are associated with a particular account, and hybrids thereof (e.g., extended
payment American Express®, bank debit cards with the Visa® logo, etc.). Also, the
terms "master credit card number" and "master credit card" refer to the credit card
number and the credit card as generally understood, namely, that which is allocated by
the credit card provider to the customer for his or her account. It will be appreciated
that an account may have many master credit cards in the sense of this specification.
For example a corporation may provide many of its employees with credit cards but
essentially each of these employees holds a master credit card even if there is only one
customer account. Each of these master credit cards will have a unique master credit
card number, which set of master credit card numbers will be linked to the account.
Similarly, in families, various members of the family may hold a master credit card all of
which are paid for out of the one customer account.
The term "limited-use" credit card number is used to encompass at least both the
embodiment in which the credit card is designated for a single use, and the
embodiment in which the credit card is designated for multiple uses providing that the
charges accrued do not exceed a prescribed threshold or thresholds, such as total single
charge, total charges over a limited time period, total charge in a single transaction, etc.
A common feature is that the limitation is based on a use-triggered condition
subsequent, and not just the expiration date of the card.

1. Overview of System Features

There are at least two basic different ways of carrying out the present invention. In
summary, they are the allocation of additional credit card numbers for remote trade and
secondly the provision of what are effectively disposable credit cards for remote and
card present trade, both of which have the feature of in the case of single use or in the
case of multiple use, protecting against the worst effects of compromised numbers
fraud or skimming.

In a refinement of the invention, it is possible to control the manner in which an actual
transaction is carried out as a further protection against unscrupulous providers of
goods and services.

Essentially, there are certain matters that will be considered in relation to this invention.
They are firstly the operational or functional features in so far as they affect customers,
and then there are the technical features, namely how the invention is implemented,
how the invention is provided to the customers, and finally, how the invention is handled
by the providers of goods and services and the processors of the credit cards, i.e., the
financial institutions and/or their service providers.



The operational or functional features of this invention will be discussed first in the 
context of a standard credit card system. 
One basic feature of the invention is to provide a credit card system in which each
master credit card holder could be provided with one or more of the following: 1)
additional single use credit card numbers for remote transactions; 2) multiple use credit
card numbers for remote transactions; 3) single use additional credit cards for remote
and card present transactions; and 4) multiple use credit cards for remote and card
present transactions.

It is also envisaged that in certain situations credit cards can be provided to people who 
do not have an account with any credit card company. This latter feature is described 
in more detail below. Various other features may be provided in the above situations 
which will further improve the security of credit card transactions. 

Dealing firstly with the situation where a master credit card holder has an additional
credit card number allocated to him or her for a single use, it will be appreciated that
since the number can only be used for one single transaction, the fact that the number
is in anybody else's hands is irrelevant as it has been deactivated and the master credit
card number is not revealed to the third party. Various other features may be added to
such single use credit card numbers, for example, the value of the transaction can be
limited, thus the master credit card holder can have a plurality of single use credit card
numbers of differing values. For example, when a remote trade is carried out, the
master credit card holder will use a credit card number which has a credit card limit only
marginally above or equal to that of the value of the transaction. This would reduce the
chances of or prevent an unscrupulous trader using the credit card number to supply
additional goods or services over those ordered or to increase the agreed charge.

A second embodiment of the invention provides the master credit card holder with an
additional credit card number for use in remote trade, which credit card number could
have, as in the previous example of the invention, a credit limit for each specific
transaction or a credit limit such that when the aggregate amount of a series of
transactions exceeded a specific credit limit that the credit card number would be
canceled, invalidated or in some other way deactivated. Similarly, the multiple use
credit card number could be limited to, for example, five uses with a credit limit not
exceeding $100 in each transaction and an aggregate credit limit not exceeding $400.
Similarly, a time restriction could be put on such a credit card number in that it would be
deactivated if it was used with frequency above (or below) a given threshold, for
example more than once a week. It will be appreciated that the limits that can be
placed on the use of a single use credit number or a multiple use credit card number
are almost limitless and those having skill in the art will consider other ways in which
the use of the credit card number could be limited, whether it be by time, by amount,
frequency of use, by geographical region, or by purpose or use (such as limited to
internet trade and so on), or by some combination of these separate criteria.
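
The limits described above (five uses, at most $100 per transaction, $400 in aggregate), together with random allocation from a pool of identically formatted numbers, worked as an added example that is not part of the original specification. The names CentralStation, Conditions, allocate and authorize, the prefix 999999 and the sample master number are hypothetical; treating "identical formatting" as a 16-digit number with a valid Luhn check digit, and denying (without deactivating) an over-limit single charge, are assumptions. Time and frequency conditions are not modeled.

```python
"""Added example (not from the patent): limited-use numbers with
use-triggered deactivation. All names and sample values are constructed."""
import secrets
from dataclasses import dataclass


def luhn_digit(body: str) -> str:
    """Return the check digit that makes body + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled in the full number
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_digit(number[:-1]) == number[-1]


@dataclass
class Conditions:
    """Per-number record, as the "conditions" database might hold it."""
    max_uses: int
    per_txn_limit: int    # cents
    aggregate_limit: int  # cents
    uses: int = 0
    total: int = 0
    active: bool = True


class CentralStation:
    """Hypothetical stand-in for the central processing station."""

    def __init__(self, prefix: str = "999999", pool_size: int = 50):
        # Constructed "available range": 16-digit numbers under a made-up
        # prefix, so they all share one format (length and check digit).
        pool = set()
        while len(pool) < pool_size:
            body = prefix + "".join(secrets.choice("0123456789") for _ in range(9))
            pool.add(body + luhn_digit(body))
        self.available = sorted(pool)
        self.conditions = {}  # limited-use number -> Conditions
        self.master_of = {}   # limited-use number -> master; kept at the station

    def allocate(self, master, max_uses=1, per_txn_limit=100_00, aggregate_limit=100_00):
        if not self.available:
            raise RuntimeError("pool of limited-use numbers is exhausted")
        # Random draw from the queue: the number is not computed from the
        # master, so the master cannot be derived from it.
        number = self.available.pop(secrets.randbelow(len(self.available)))
        self.conditions[number] = Conditions(max_uses, per_txn_limit, aggregate_limit)
        self.master_of[number] = master
        return number

    def authorize(self, number, amount):
        """Return (approved, reason) and apply the use-triggered conditions."""
        cond = self.conditions.get(number)
        if cond is None or not cond.active:
            return False, "unknown or deactivated number"
        if amount > cond.per_txn_limit:
            return False, "over per-transaction limit"  # assumption: deny, keep active
        if cond.total + amount > cond.aggregate_limit:
            cond.active = False  # aggregate would be exceeded: deactivate
            return False, "aggregate limit exceeded; number deactivated"
        cond.uses += 1
        cond.total += amount
        # Limited-use event: last permitted use, or aggregate limit reached.
        if cond.uses >= cond.max_uses or cond.total >= cond.aggregate_limit:
            cond.active = False
        return True, "approved"


if __name__ == "__main__":
    station = CentralStation()
    master = "4000001234567899"  # constructed sample value, not a real account
    n = station.allocate(master, max_uses=5, per_txn_limit=100_00, aggregate_limit=400_00)
    for amount in (150_00, 100_00, 100_00, 100_00, 100_00, 1_00):
        print(n, amount, station.authorize(n, amount))
```

With these limits the fourth $100 charge reaches the $400 aggregate, so the number is deactivated before its fifth permitted use; a merchant holding the number afterwards has nothing that authorizes, and nothing that leads back to the master number.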

The third way in which the invention could be carried out is by physically providing
additional single use credit cards each of which would have a unique additional credit
card number. Such additional single use credit cards could then be used both for
remote trade by using the additional credit card numbers for respective transactions,
and for "card present" trade where each card would be "swiped" in the normal manner.
Such a disposable credit card could be made like any common credit card, or from a
relatively inexpensive material, such as cardboard or thin plastic, with the relevant
information entered into it in readable (e.g., magnetic) form, as is already the case for
many forms of passes for use in public transport and the like. Again, substantially the
same features as with the credit card number could be provided. Thus, for example,
the disposable credit card could be limited to use geographically, to a use, to an
amount, to a frequency of use, to an expiration date, and so on. Again, those skilled in
the art will appreciate that there are many variations to this concept.

Another way of carrying out the invention is to provide a master credit card holder with a
multiple use additional credit card, where the additional credit card provides any
limitations as to use triggered conditions subsequent that may be desired.

Ideally, irrespective of the manner in which the invention is carried out, the master
credit card holder would be provided with either a plurality of single use additional credit
card numbers or multiple use credit card numbers or a mixture of single and multiple
use credit cards.

It will be appreciated that with either single use credit card numbers or single use 
additional credit cards, it is possible to eliminate or reduce the risk of credit card 
number fraud. Further, depending on the credit limit imparted to the particular credit 
card number or additional credit card number or single use additional credit card, it is 
possible to further limit the possibilities of fraud in any remote transaction and that with 
the use of a disposable single use credit card it is possible to eliminate or reduce the 
risk of skimming. 

With multiple use additional credit card numbers and multiple use additional credit
cards, the above-identified problems may not be totally eliminated due to preferences of
the user. This is because, in certain circumstances, credit card users may prefer to
have, for example, an additional credit card number for remote trade with a specific
credit limit that they use all the time and are willing to take the risk of compromised
number fraud, in the sense that they can control the severity of this misuse. This would
be particularly the case where some of the various user triggered conditions
subsequent limitations suggested above are used with the additional credit card
number. Substantially the same criteria would apply to an additional multiple use credit
card.

Effectively, the present invention solves the problem by obtaining the functionality of a 
credit card while never in fact revealing the master credit card number as the master 
credit card number need never be given in a remote transaction. Further, the master 
credit card itself need never be given to a trader. 

In another embodiment of the invention, it is envisaged that people who do not hold
master credit cards could purchase disposable credit cards which would have a credit
limit for the total purchases thereon equal to the amount for which the credit card was
purchased. These could then be used for both card present and card remote trade, the
only proviso being that if the credit limit was not reached it will then be necessary for a
refund to be given by the financial institution or credit card provider. An obvious way of
obtaining such a refund would be through an automatic teller machine (ATM). In this
way, the existing credit card transaction system is employed and the card holder is
given the convenience of having a credit card.
As an alternative, the above-discussed cards could be, in effect, debit cards in the true
sense, in which funds are withdrawn against a customer's account. In this case, the
"credit card" issued, whether it be a one time use card or multi-use card, and whether
having a credit limit or not, would be used to debit the account immediately. Preferably,
the credit card issued in these circumstances would be single use with or without a
transaction amount limit which would be used and processed by the customer and
merchant for a transaction as if it were a credit card, while in the customer's bank it
would be treated like any other debit to the account.

2. Exemplary Implementation

2.1 Implementation Overview

Various aspects of the invention may be embodied in a general purpose digital
computer that is running a program or program segments originating from a computer
readable or usable medium, such medium including but not limited to magnetic storage
media (e.g., ROMs, floppy disks, hard disks, etc.), optically readable media (e.g.,
CD-ROMs, DVDs, etc.) and carrier waves (e.g., transmissions over the Internet). A
functional program, code and code segments, used to implement the present invention
can be derived by a skilled computer programmer from the description of the invention
contained herein.

Fig. 1 shows an exemplary overview of a system for implementing the limited-use credit
card system of the present invention. The system 100 comprises a central processing
station 102, which, according to exemplary embodiments, may be operated by the
credit card provider. Generally, this station 102 receives and processes remotely
generated credit card transactions. The credit card transactions can originate from a
merchant in the conventional manner, e.g., by swiping a credit card through a card
swipe unit 106. Alternatively, the credit card transaction requests can originate from
any remote electronic (e.g., a personal computer) device 104. These remote devices
can interface with the central processing station 102 through any type of network,
including any type of public or proprietary networks, or some combination thereof. For
instance, the personal computer 104 interfaces with the central processing station 102
via the Internet 112. Actually, there may be one or more merchant computer devices
(not shown) which receive credit card transactions from the remote electronic device
104, and then forward these requests to the central processing station 102. The
central processing station 102 can also interface with other types of remote devices,
such as a wireless (e.g., cellular telephone) device 140, via radiocommunication using
transmitting/receiving antenna 138.

The central processing station 102 itself may include a central processing unit 120, 
which interfaces with the remote units via network I/O unit 118. The central processing 
unit 120 has access to a database of credit card numbers 124, a subset 126 of which 
are designated as being available for limited use (referred to as the "available range"). 
Also, the central processing unit 120 has access to a central database 122, referred to 
as a "conditions" database. This database is a general purpose database which stores 
information regarding customers' accounts, such as information regarding various 
conditions which apply to each customer's account. Further, this database 122 may 
store the mapping between a customer's fixed master credit card number and any 
outstanding associated limited-use credit cards, using, for instance, some type of 
linked-list mechanism. Databases 122 and 124 are shown separately only to illustrate 
the type of information which may be maintained by the central processing station 102; 
the information in these databases can be commingled in a common database in a 
manner well understood by those having skill in the data processing arts. For instance, 
each limited-use credit card number can be stored with a field which identifies its 
master account, and various conditions regarding its use. 

The central processing unit 120 can internally perform the approval and denial of credit 
card transaction requests by making reference to credit history information and other 
information in the conventional manner. Alternatively, this function can be delegated to 
a separate clearance processing facility (not shown). 

Finally, the central processing station includes the capability of transmitting the 
limited-use credit card numbers to customers. In a first embodiment, a local card dispenser 
128 can be employed to generate a plurality of limited-use cards 132 and/or a master 
credit card 134 for delivery to a customer. In a second embodiment, the limited-use 
credit card numbers can be printed on a form 136 by printer 130, which is then 
delivered to the customer via the mail. The printed form 136 may include material 
which covers the numbers until scratched off, thereby indicating what numbers have 
been used and are no longer active. This listing of numbers can be included in a 
monthly or other periodic account statement sent to the customer. In a third 
embodiment, these limited-use numbers can be electronically downloaded to a user's 
personal computer 104, where they are stored in local memory 142 of the personal 
computer 104 for subsequent use. In this case, the credit card numbers can be 
encrypted (described in detail later). Instead of the personal computer 104, the 
numbers can be downloaded to a user's smart card through an appropriate interface. In 
a fourth embodiment, the single-use credit card numbers can be downloaded to a radio 
unit 140 (such as a portable telephone) via wireless communication. In a fifth 
embodiment, an ATM 108 can be used to dispense the limited-use cards 110. Those 
skilled in the art will readily appreciate that other means for conveying the 
numbers/cards can be employed. These embodiments are, of course, usable together. 

The logic used to perform the actual allocation and deactivation of limited-use credit 
card numbers preferably comprises a microprocessor which implements a stored 
program within the central processing unit 120. Any general or special purpose 
computer will suffice. In alternative embodiments, the logic used to perform the 
allocation and deactivation of the limited-use credit card numbers may comprise 
discrete logic components, or some combination of discrete logic components and 
computer-implemented control. 

Fig. 2 shows a high-level depiction of the functions performed by the central processing 
station 102 or the like. The process begins in step 202 by allocating one or more 
limited-use numbers to a customer. These numbers are ultimately selected from the 
list 126 of available limited-use numbers, or some other sub-set list which has been 
previously formed from the numbers in list 126. Also, although not shown in Fig. 2, a 
master account number would have been preferably assigned to the customer at a 
previous point in time. The conditions database 122 may comprise a mechanism for 
associating the master credit card number with the limited-use credit card number. 
Because the limited-use cards are arbitrarily chosen from the listing 126 of limited-use 
card numbers, there should be no discernable link which would allow anyone to 
determine the master credit card number from any of the limited-use numbers. 

The processing then advances to step 204, where it is determined whether a customer 
requests or an event triggers a request for additional limited-use cards or card 
numbers. If so, additional limited-use cards or card numbers are allocated to the 
customer. 

Processing then advances to step 206, where the central processing station determines 
whether a transaction has taken place using a previously issued limited-use card. This 
step is followed by a determination (in step 208) whether the limited-use number should 
be deactivated. For instance, if the card is a single-use card, it will be deactivated. If 
the card is a fixed-limit card, the card is only deactivated if the recent transaction 
exceeds some stored threshold limit. These threshold limits can be stored on the card 
itself or in the conditions database 122. The actual step of deactivating is performed by 
generating a deactivation command, as represented in step 210 shown in Fig. 2. 
Naturally, there are other steps to processing a credit card transaction, such as 
checking whether the card is deactivated or otherwise invalid prior to completing the 
transaction. These additional steps are system specific and are not discussed here for 
the sake of brevity. 

Once a number is deactivated, this number cannot be fraudulently reused. Hence, the 
risk of fraudulent capture of these numbers over the Internet (or via other transmission 
means) effectively disappears. In an alternative embodiment of the invention, these 
deactivated numbers can be reactivated providing that a sufficiently long time since 
their first activation has transpired. Providing that there is a sufficiently large number of 
limited-use credit card numbers to choose from, it would be possible to wait a long time 
before it was necessary to repeat any numbers. At this point, it would be very unlikely 
that someone who had wrongfully intercepted a credit card number years ago would be 
motivated to fraudulently use it before the rightful owner. 

After the limited-use card is deactivated or a number of limited-use cards are 
deactivated, an additional limited-use card or cards can be activated. As described in 
detail in the following section, the actual activation of the credit card number can 
involve various intermediate processing steps. For instance, the credit card numbers 
from the list 126 can be first allocated to an "allocated" range of numbers, and then to 
an "issued but not valid" range of numbers, and then finally to an "issued and valid" 
range of numbers. Fig. 2 is a high-level depiction of the process, and encompasses 
this specific embodiment, as well as the more basic case where the credit card 
numbers are retrieved from a database and then immediately activated. 

Having set forth a summary of how the invention can be implemented, further details 
are provided in the following. 

2.2 Allocation of the credit card numbers 

The first thing that the credit card provider should do is to generate a list of additional 
credit card numbers, whether they be single use or multiple use, and allocate additional 
credit numbers to a master credit card as a further credit card number for optional use 
instead of the master credit card number. Such a list can be produced by any suitable 
software package in the exemplary manner discussed in more detail below. Since the 
numbers allocated to a particular master credit card holder will not have any link to the 
master credit card number, the master credit card number should not be able to be 
derived from the additional credit card numbers. 

In effect, randomness in credit card numbers is provided by the fact that there is a 
queue formed by the customers requiring numbers. Further, it should not be possible, 
even knowing the additional credit card numbers in a particular master credit card 
holder's possession which he or she may have used, to predict the next set of numbers 
that that particular master credit card holder will be allocated, since there will be 
randomness of access to additional credit card numbers in the truest sense. Even if 
the credit card provider were to allocate numbers sequentially, there would be no way 
of predicting the number that that credit card holder would subsequently acquire, since 
the numbers would be allocated by virtue of a queue, the randomness of this allocation 
being such as to prevent any prediction. 

As such, the credit card numbers generated by the central computer need not be per se 
random numbers. Preferably, though, these numbers are valid credit card numbers 
with the constraint that they must conform to industry specifications of the format in 
terms of their numerical content in such a way that they can be handled with no (or 
minimal) modifications by merchant/acquiring systems and networks and be routed to 
the appropriate center for processing. An additional constraint is that they must be 
different from all other conventional account numbers and all other single use numbers 
during their lifetime of validity. These constraints are practical requirements to produce 
a commercially viable system, which would likely not be satisfied by any process that 
generates random numbers in isolation. 

To achieve these allocation requirements, an issuing bank decides within its total 
available range of credit cards to allocate a certain range or ranges of numbers to the 
single use system, referred to herein as the "available range." This may represent 
spare numbers using existing header sequences (e.g., the sequence of usually 4-6 
digits that define the issuing institution and are used to route the card to the appropriate 
transaction processor) or within newly created header sequences. The numbers not 
allocated include existing credit card accounts for that issuer and sufficient spare 
capacity for new account holders and replacement numbers for existing customers. 
The additional non-embossed components of the card details and any card specific 
information that is transmitted during a transaction may be varied from card to card to 
enhance security and privacy of credit card transactions. 

Although each limited-use number is unique during its lifetime of validity, information 
required to route the card number and transaction details to the appropriate processor 
is maintained to ensure that limited-use numbers are processed appropriately. 
However, the limited-use numbers do not need to include either the master card 
account number or an encoded version of the account number. Indeed, privacy and 
security are enhanced when no unique account holder identifier is included within the 
limited-use credit card number. 

Also, information that is verified prior to the card being processed for authorization and 
payment, such as expiry date and checksum digit, must be valid. This information may 
vary from limited-use number to limited-use number, but must be valid to ensure that 
the number passes checks that may be completed within the merchant terminal, i.e., 
the checksum is appropriately calculated for each limited-use number and the 
associated expiry date is valid at the time of use. 

Within the constraint of using a valid credit card format, the random allocation process 
used to generate lists of unique limited-use numbers can involve allocation from a 
range of numbers in which either the entire number or portions of the account number 
are varied. In addition, the allocation can include combinations of all or part of the 
account number together with all or part of additional information such as 
non-embossed additional numbers, expiry date and other information that identifies the card 
and is passed on by the merchant to the card processor during a transaction. 

Sequential random allocation from a list of available valid credit/debit/charge card 
codes that have been solely allocated for use as limited-use numbers ensures that the 
criteria specified for limited-use numbers are met, i.e., no two limited-use numbers are 
the same, no limited-use number is the same as an existing account number, and no 
newly issued conventional card number is the same as a previously issued limited-use 
number. To achieve true computational independence between account numbers and 
limited-use cards and between limited-use numbers for the same account, the random 
allocation process requires a truly random seed value. Such true randomness can be 
obtained from a physically random system with well defined properties such as a white 
noise generator. An analog to digital converter that receives an analog signal from 
such a truly random physical system can be used to ensure truly random allocation. 

Other approaches can achieve the same result with lower computational efficiency. For 
example, the allocation process could randomly select valid credit card numbers within 
the entire range for a given card issuer and then discard the number if it is already in 
use as a limited-use or conventional card number or if the same number was allocated 
within a given time frame. 

The above process generates a series of available single use numbers. To repeat, the 
allocation process is achieved by a truly random (or less ideally a pseudo random) 
mapping process in which a single use number is randomly selected and then assigned 
to a selected account holder (either an existing credit/debit card holder, a new solely 
single use account holder or a bank account). Additional single use numbers can be 
allocated for purchase on an individual basis. Each assigned single use number is then 
removed from the sequence of available numbers before the next allocation, ensuring a 
unique allocation of each single use number. An alternative mechanism for performing 
direct allocation to a specific account holder is for lists of single use numbers to be 
allocated to unique storage locations. The list from a specific storage location can then 
be directly allocated to a given account at a later date. This allows for rapid allocation 
of cards to new customers without any delay arising from the need to perform a new 
allocation procedure for each new customer. 
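
The allocation described above, as an added example that is not part of the original text: numbers under a constructed header 999999 are given a valid check digit (the Luhn algorithm, the checksum used for payment card numbers), drawn at random without replacement, and linked to the master account only in the issuer's own records. The class and function names are hypothetical, and Python's secrets module (the operating system's random source) stands in for the physical noise source the text prefers.

```python
import secrets

HEADER = "999999"      # constructed issuer header, not a real issuer's sequence
NUMBER_LENGTH = 16


def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                       # every second digit, starting beside the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if the last digit is the correct Luhn check digit for the rest."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


class AvailableRange:
    """Numbers reserved solely for limited use, drawn without replacement."""

    def __init__(self, first_account: int, count: int, conventional=()):
        self.conventional = set(conventional)   # ordinary account numbers already in use
        self.allocated = {}                     # limited-use number -> master account
        width = NUMBER_LENGTH - len(HEADER) - 1
        self.pool = []
        for account in range(first_account, first_account + count):
            payload = f"{HEADER}{account:0{width}d}"
            number = payload + luhn_check_digit(payload)
            if number not in self.conventional:  # never collide with a conventional card
                self.pool.append(number)

    def allocate(self, master_account: str, how_many: int) -> list:
        """Assign how_many numbers to master_account and remove them from the pool."""
        if how_many > len(self.pool):
            raise ValueError("available range exhausted; add or recycle numbers")
        issued = []
        for _ in range(how_many):
            # Pick a random position, then remove it so it can never be drawn again.
            index = secrets.randbelow(len(self.pool))
            self.pool[index], self.pool[-1] = self.pool[-1], self.pool[index]
            number = self.pool.pop()
            # The link to the master account exists only in the issuer's records;
            # nothing in the number itself encodes it.
            self.allocated[number] = master_account
            issued.append(number)
        return issued

    def settle_to(self, number: str):
        """Identification field: the account a used number is charged to."""
        return self.allocated.get(number)
```

Because the draw position is independent of the customer, two numbers issued to the same master account are no more related to each other than to any other number in the range.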

This allocation process generates another series of single use numbers, the "allocated 
range" with an associated identification field to determine how the account will be 
settled once used, i.e., onto whose account the transaction will be charged. The 
allocation process can occur a significant time before the single use numbers are 
required. Once allocated, they are not added into the list of valid accounts until 
required by the user. 

Fig. 3 is a flow chart illustrating an exemplary process for allocating credit card 
numbers. A central processing unit (CPU) generates a database of credit card 
numbers (step 302), and selects a master credit card number. (Step 304). In step 306, 
the CPU checks to make sure that the master credit card number is not the same as 
another credit card number. The CPU selects additional credit card numbers to 
allocate to the master credit card number. (Step 308). The CPU can use any of the 
techniques discussed above to select the additional numbers. In step 310, the CPU 
checks to make sure that the additional numbers are not the same as another credit 
card number. The additional numbers can be used, for example, for single use cards. 

When a customer needs single use cards, the CPU can issue the additional credit 
card numbers to the customer. Unless these single use numbers are issued directly 
into the hands of the customer (e.g., by an automated teller machine (ATM)), they 
are not directly added to the list of valid account numbers held within the central 
computer system. These numbers are added to an "issued, but not valid" list of 
numbers. (Step 312). The number of single use numbers issued at one time 
depends upon the rate at which the customer will use the cards and the capability of 
the device used to store the single use numbers until used. The CPU can provide 
the customer with enough single use numbers to fulfill their single use purchase 
requirements for up to, for example, 2 years. Each single use number can be 
endowed with specific restrictions in terms of transaction type or value, provided that 
these properties do not exceed the restrictions placed upon the customer's account 
(such as the available credit balance). 

Once a series of single use numbers are issued, the user has the option of 
confirming receipt by telephone before any of the issued numbers become validated 
on the processing system. (Step 314). Once receipt has been confirmed (or 
assumed), not every issued single use number is added to the "issued and valid" list. 
(Step 316). To prevent excessive valid single use numbers being held within the 
processing system, the number of single use numbers declared to be valid at any 
one time is limited to account for waste of numbers (i.e., numbers that are accessed 
by a customer but are never used to complete a transaction) and to allow for time 
delays between different transactions leading to differences in the sequence in 
which single use numbers are accessed by the customer and the sequence in which 
they arrive at the processing center. The maximum number of single use numbers 
valid at any one time can be determined by the card issuer but would be preferably 
in the range of 5-10. In the case of any attempted use outside the allocated range, 
the next single use number can be used as an additional identifier to validate the 
transaction. In this case, only a subset of the digits should be given by the user to 
prevent a fraudulent trader being able to gain access to multiple unused single use 
numbers. As soon as a single use number is invalidated (step 320) on use (step 
318), an additional number from the "issued not valid" list for that customer is 
allocated to the "issued and valid" list, ensuring a continual supply of single use 
numbers up to the maximum allowed until the next set of single use numbers are 
issued. (Step 322). 
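
The per-customer lists of steps 312 to 322, as an added example that is not part of the original text: numbers wait on the "issued, but not valid" list until receipt is confirmed, at most a fixed number are valid at once, and each use invalidates one number and promotes the next. The class name, the result strings and the LU-nn placeholder numbers are hypothetical and constructed for the illustration.

```python
from collections import deque


class IssuedNumbers:
    """One customer's "issued, but not valid", "issued and valid" and used lists."""

    def __init__(self, numbers, max_valid=5):
        self.issued_not_valid = deque(numbers)   # kept in the order they were issued
        self.valid = []                          # never holds more than max_valid entries
        self.used = set()
        self.max_valid = max_valid
        self.receipt_confirmed = False

    def confirm_receipt(self):
        """Steps 314/316: nothing becomes valid until receipt is confirmed."""
        self.receipt_confirmed = True
        self._replenish()

    def _replenish(self):
        # Step 322: top the valid list back up to the maximum allowed.
        while (self.receipt_confirmed
               and len(self.valid) < self.max_valid
               and self.issued_not_valid):
            self.valid.append(self.issued_not_valid.popleft())

    def authorize(self, number):
        """Steps 318/320: approve a valid number once, then invalidate it."""
        if number in self.used:
            return "DENY_ALREADY_USED"    # replay of a number that was already spent
        if number not in self.valid:
            return "DENY_NOT_VALID"       # unknown, unconfirmed, or beyond the valid window
        self.valid.remove(number)
        self.used.add(number)
        self._replenish()
        return "APPROVE"
```

The window tolerates transactions arriving out of order, since any of the valid numbers is accepted, while a number intercepted in the post before receipt is confirmed is refused.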

In relation to the actual supply of the additional credit card numbers, this will not 
cause any difficulties to the credit card provider. For example, with a standard 
master credit card number, there are up to fifteen or more digits, the first of which is 
used to identify the credit card provider, e.g., American Express®, VISA®, 
Mastercard®, etc. For major banks, three digits are used to identify the issuing 
bank. The last digit in a typical sixteen digit master credit card number is a 
checksum used to confirm that the number is a valid number. This leaves a total of 
up to 11 digits or more for the account identifying number and the expiration date. In 
some instances, the expiration date may not be sent back for clearance, while with 
certain credit card providers, additional credit card numbers or even additional 
information is required for clearance. For example, certain credit card providers print 
additional numbers on the card, which additional numbers are not embossed on the 
card and do not form part of the master credit card number. These additional 
printed and non-embossed credit card numbers can be used to identify that the 
person proffering the card for a non-card present transaction is actually in 
possession of the card when the order is made whether it be in writing or by phone. 
There are many devices, digits, pieces of information, etc. used by a credit card 
issuer or processor working for a credit card issuer to clear the credit card for the 
specific transaction. According to another embodiment, when issuing additional 
credit card numbers in accordance with the present invention, such additional credit 
card numbers could include a code which would identify that the person using the 
additional credit card number in a remote transaction is the one to whom the 
numbers were sent or, in the case of a disposable credit card, is the one to whom 
the disposable credit card was sent. 

A preferred feature of these additional credit card numbers is that they be 
constrained to be in the correct format for a credit card number with a valid check 
sum, while at the same time be mathematically unrelated to each other or to the 
master credit card. In certain situations, for single use numbers, the expiration date 
is virtually irrelevant. Thus, using the month code of the expiration date with said 
eleven digits, there are 12 x 10^11, i.e., 1.2 x 10^12, i.e., 1,200 billion possible unique 
codes available for any given credit card provider. This would allow for 50 
transactions a month for 10 years for 200 million account holders, before any codes 
would have to be recycled or a new header code introduced. When it is understood 
that there are then another 10^4 header numbers that a credit card provider can use, 
it will be appreciated that the structure and arrangement of existing master credit 
card numbers is sufficient to operate this invention with the advantage that the 
existing infrastructure of dealing with credit card transactions can be used with 
minimum modification. All that is required for the credit card provider is to store the 
generated numbers against the master credit card number. 

If, for example, the card is a VISA® card, there are approximately 21,000 issuing 
banks. The sixteen digit number has a "4" followed by a five digit code to identify the 
card issuer. The last number is a checksum to verify that it is a valid number. As a 
result, there are 21,000 x 10^9 x 12 (252 trillion) unique numbers and associated 
expiry months. This number of codes is sufficient for 36,000 years of transaction 
processing at the current annual rate of approximately 7 billion transactions per year. 

While existing credit card formats allow for a sufficiently large number of available 
card numbers, numbers will eventually need to be recycled for allocation. As the 
range of available numbers reduces in size over time, additional or recycled 
numbers should be added back into this range to ensure that the allocation process 
is performed from a range sufficiently large to maintain random allocation. The 
length of time prior to recycling depends on the total number of available unique card 
codes available to an issuer and the number of transactions that use limited-use 
numbers. Such recycling can only occur after a number has been invalidated for 
further use and is no longer valid for refunds. Once recycled, automatic fraud 
detection mechanisms that would normally be activated on the attempted reuse of a 
previously inactivated card need to be altered by removing the recycled number from 
the list of previously issued limited-use numbers. 

2.3 Limitations on the use of the credit card numbers 

The use-triggered condition subsequent limitations placed on limited-use card 
numbers, i.e., transaction value limitations, number of transactions limits, etc., are 
central to their additional flexibility and security compared to conventional 
credit/debit/charge cards. These limitations can be imposed and controlled in a 
variety of ways. For example, the limitations can be stored within a database held 
by the card issuer and used to check that the transaction falls within these limitations 
during the authorization process. 

Fig. 4 is a flow chart illustrating an exemplary process for limiting the use of a credit 
card number. A CPU can allocate a credit card number to a master credit card 
number (step 402), and allocate a condition to the credit card number. (Step 404). 
The CPU can then store the condition in a database of conditions. (Step 406). 
These limitations can be assigned by the issuer in a predetermined manner or can 
be imposed according to the requests of the card holder. These limitations are 
encoded with the limited-use numbers when the numbers are issued to a user so 
that the user can determine the limitations associated with a particular card. These 
limitations can be altered once a number is issued by updating the issuer database 
and the user maintained list of numbers. Communication between the user and card 
issuer to make these changes can be posted, conveyed verbally or electronically. 
(Step 408). When the card is used for a transaction (step 410), the transaction 
details are compared by the processing software with the limitations and the 
transaction is authorized only if the transaction falls within these limitations. (Step 
412). 

Alternatively the limitations can be encoded within part of the number format that is 
transmitted during a transaction. The limitations would then be decoded from the 
transmitted transaction details by the card processor. This would offer the user 
more control, but would offer less security since knowledge of the encoding format 
could be used to fraudulently alter the limitations chosen by altering the appropriate 
portion of the limited-use number format. 

As internet commerce develops, there will be an increased need for a wide range of 
financial transactions. The limitations placed on limited-use card numbers can be 
used to implement a wide range of payment options. For example, a credit card 
number can be limited to a single transaction for a pre-arranged transaction limit. Or 
alternatively, a credit card number can be used, for example, to implement an 
installment plan where the credit card number is, for example, only valid for twelve 
payments for a pre-arranged transaction limit for twelve months to a single 
merchant. This plan provides security against fraud because it is locked to a single 
merchant, and it is only good for one year. Or similarly, a credit card number can be 
used to implement a debit plan where the credit card number is limited to a specific 
merchant. When the limited-use number is limited to a specific merchant, the 
merchant can be prearranged by the user or can be determined by first use. Or 
finally, a credit card number can be used as a gift voucher where the credit card 
number is limited to a specific transaction value, but it can be used for any 
merchant. 
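
The authorization check of Fig. 4 applied to the payment options just listed, as an added example that is not part of the original text: the limitations are held in the issuer's database rather than encoded in the number, so altering the transmitted number cannot change them. The field names, reason strings, merchant identifiers and LU-... placeholder numbers are hypothetical; amounts are in cents, and deactivating a voucher once its total is spent is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Conditions:
    max_uses: Optional[int] = None               # None means no limit on the count
    per_transaction_limit: Optional[int] = None  # cents
    total_limit: Optional[int] = None            # cumulative cents (gift voucher)
    merchant: Optional[str] = None               # pre-arranged merchant, if any
    lock_to_first_merchant: bool = False         # merchant determined by first use
    valid_until: Optional[date] = None


@dataclass
class Record:
    master_account: str
    conditions: Conditions
    uses: int = 0
    spent: int = 0
    active: bool = True


class ConditionsDatabase:
    def __init__(self):
        self.records = {}

    def register(self, number, master_account, conditions):
        """Steps 402-406: allocate the number and store its conditions."""
        self.records[number] = Record(master_account, conditions)

    def authorize(self, number, merchant, amount, on):
        """Steps 410-412: approve only if the transaction falls within the limits."""
        rec = self.records.get(number)
        if rec is None:
            return (False, "unknown number")
        if not rec.active:
            return (False, "deactivated")
        c = rec.conditions
        if c.valid_until is not None and on > c.valid_until:
            return (False, "expired")
        if c.merchant is not None and merchant != c.merchant:
            return (False, "wrong merchant")
        if c.per_transaction_limit is not None and amount > c.per_transaction_limit:
            return (False, "over transaction limit")
        if c.total_limit is not None and rec.spent + amount > c.total_limit:
            return (False, "over total limit")
        rec.uses += 1
        rec.spent += amount
        if c.lock_to_first_merchant and c.merchant is None:
            c.merchant = merchant                # this record is now tied to that merchant
        exhausted_uses = c.max_uses is not None and rec.uses >= c.max_uses
        exhausted_value = c.total_limit is not None and rec.spent >= c.total_limit
        if exhausted_uses or exhausted_value:
            rec.active = False                   # deactivation, as in step 210 of Fig. 2
        return (True, rec.master_account)        # settle against the master account
```

A denied attempt changes no state, so a refused over-limit request does not consume a single-use number.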

2.4 Distribution of the credit card numbers 

The next matter that is considered is how these additional credit card numbers 
and/or additional credit cards are distributed to a credit card holder. One way of 
providing such additional credit card numbers and/or additional credit cards is to in 
some way provide them physically to the master credit card holder, whether it be by 
collection, delivery by courier, post or some other way which can generally be 
covered under the heading of provision by post. Obviously, the financial institutions 
wish to provide the additional credit card numbers or the additional credit cards to 
the user as efficiently as possible with the minimum risk of the additional credit card 
numbers and/or cards falling into a third party's hand. While one can never prevent 
theft, for example, of a credit card from a user, what is important is to ensure that 
these disposable credit cards and/or credit card numbers are delivered to the user 
with the least possibility of a third party obtaining either the numbers or the 
disposable credit cards from the time they are generated until the time they are 
physically received by the user. 

It is envisaged that there are various methods by which a credit card provider could 
issue the additional credit card numbers and/or credit cards to the user. One of the 
simplest ways would be to post them on request. Another way would be for the 
credit card provider, after receiving a payment of an account or with a statement of 
an account, to provide a sufficient number of additional credit card numbers and/or 
additional credit cards to replace the ones used since the previous statement. 
Particularly, if such statements do not quote the master credit card number or some 
code number, it would be possible to put in additional checks on the activation of the 
additional credit card numbers or credit cards. Some form of receipt system could 
be used. In this way effective theft would be reduced. 

Fig. 5 is a flowchart illustrating an exemplary process for distributing credit card 
numbers. A credit card issuer allocates a master credit card number to a master 
credit card owner. (Step 502). The credit card issuer then allocates limited-use 
numbers to the master credit card number. (Step 504). For pre-prepared cards, the 
card issuer can decide whether to print (or incorporate by some other means such 
as embossing) one number per card or multiple numbers per card. (Step 506). The 
card issuer can distribute multiple numbers using a single card (step 508) or 
distribute multiple numbers using multiple cards. (Step 512). 

In either case, it is important that the user can keep track of which numbers have 
been used. If the card has only one number, an opaque removable cover can be 
used to cover one or more portions of the card. (Step 510). For example, the 
opaque removable cover can cover the number portion of the card, so that the cover 
has to be removed before the card can be used. The act of removing the cover 
indicates that the card number has been accessed or used. 

Or alternatively, an opaque removable cover can conceal a message such as 
"used." The opaque removable cover can be a scratch off layer that is scratched off 
before or after the card is used. The scratch off layer can resemble the layer that is 
often used to cover lottery numbers or the like. Or alternatively, the single use cards 
can be placed in a self-contained container that resembles a razor blade dispenser. 
(Step 516). The owner can remove a single use card from a first compartment and 
then place the used card into a second compartment. 

If the card has multiple numbers, the owner can keep track of the numbers by using 
a device that covers one or more portions of the card. (Step 510). The device can 
cover the numbers until they are used. As described above, the device can 
comprise multiple opaque layers that must be removed prior to the use of each 
number. Or alternatively, each number could be visible when the card is issued and 
each number is associated with a panel in which an opaque covering conceals a 
message that indicates that the number has been used. After each use, the 
corresponding covering is removed or scratched off to indicate that the number has 
been used. 



In both above cases the solutions incorporated on the cards act to remind the user 
which numbers have been used. The critical check on the validity of the number is 
performed by the processing software responsible for authorizing card transactions. 

The additional credit card numbers and/or cards can be sent with a statement. 
(Step 518). The additional credit card numbers are not activated until the statement 
is paid. (Step 520). The card issuer could also require that the payment be 
accompanied by the master credit card number or another identifier. Or, for 
example, an additional security step involving either direct contact with the issuing 
credit card company or an independently issued password to allow activation of an 
electronic device could be used. 

A further way in which the additional credit card numbers and/or additional credit 
cards could be distributed to the user is by way of an ATM machine. (Step 522). 
The ATM machine with very little modification could provide the additional credit card 
numbers. Similarly, with relatively little modification, an ATM machine could provide 
additional credit cards. 

Cards/single use numbers can be issued directly into an electronic device that is 
capable of storing such numbers. This applies to mobile phones and pager devices 
to which information can be transmitted using existing systems and computers 
connected either directly or via a telecommunications system to the Internet or a 
specific host computer system. In such a situation a mechanism is required to 
protect these numbers in transit to prevent unauthorized access. For global 
applications, this mechanism must not be subject to export restrictions. In addition, 
this protection should not be susceptible to "brute force" decryption techniques. 
Such a system is described below in relation to the storage of single use cards. 

An alternative method to provide additional credit card numbers could be by way of a 
computer program. Obviously it would be necessary for the credit card provider to 
have sufficient security that, when the computer program was dispatched, either 
through the telecommunications network or through the post, unauthorized 
access could not be obtained. 

2.5 Electronic use of the credit card numbers 



In the situation where the user stores and accesses limited-use numbers via an 
electronic device such as a computer of any form (desktop, television or cable linked 
Internet access device, laptop, palmtop, personal organizer etc), any device that can 
deliver the same functions as a computer or dedicated Internet access device, a 
dedicated microprocessor device with key pad and screen or any form of telephone 
with associated microprocessor controlled electronics, the associated software can 
perform some or all of the following functions: 

1) Password controlled access to software or other security activation system 
that can verify that the user has a valid right of access. 

2) Secure storage of issued limited-use credit/debit/charge card numbers until 
required by the user. These numbers can be stored in a variety of encrypted 
forms. An additional security step is to encrypt the number in the form of a valid 
credit card number as previously described. 

3) Secure storage of transaction details and date of use for reconciliation with 
records held by the credit/debit/charge card company in case of 
disagreement. This may include digitally signing each transaction record. 

4) Facility for user to review past usage of limited-use card numbers and 
transactions. 

5) Notification to user of available number of limited-use cards. 

6) Initiate automated request from software to card issuing organization or 
agreed agent for further cards to be issued by previously agreed route if 
requested by user or if the number of available limited-use cards is less than 
a pre-arranged limit. 

7) Secure communication between software package and card issuing 
organization or agreed agent for downloading additional limited-use numbers. 
This secure communication can exploit any available form of encryption 
suitable for this purpose. 

8) Secure communication between card issuing organization or agreed agent 
and the software package for the transmission of information regarding credit 
card transactions, account balances and other information as requested by 
the user or card issuer. This secure communication can exploit any available 
form of encryption suitable for this purpose. 

9) Automated or manual means for transfer of credit card information to the 
merchant. The software can integrate with Internet software in the situation 
where it is run on a device linked to the Internet or similar electronic network 
and allow automatic transmission of transaction details if the merchant 
software so allows. To ensure compatibility with any form of merchant 
software the user also has the option of dragging and dropping a limited-use 
number displayed by the software onto the appropriate part of a web page, or 
manually entering the number. In the case of a device intended for use over 
the telephone, the number can either be spoken by the user or appropriate 
tones can be generated to automatically transmit the number to the 
merchant. 

10) Use of digital signature verification to verify both parties of a credit card 
transaction (i.e. merchant and cardholder). 

11) Use of digital signature verification to verify both parties of a communication 
involving the transmission of financial information or additional limited-use 
card numbers (i.e. card issuer and cardholder). 

12) Use of stored lists of limited-use numbers held by user and card issuer as 
dynamic passwords to verify both parties (user and card issuer) of a 
communication involving transmission of financial information or additional 
limited card numbers. 



For "card not present" transactions, it is proposed that the customer uses an 
electronic device to store issued single use numbers. This may represent a range of 
devices from a mobile telephone, pager, dedicated single use storage device or a 
software package that can run on a range of platforms such as a conventional desktop 
computer, television based Internet access device (e.g., WebTV) or a portable 
computing device. 

The software that is used within these devices for storing and accessing these 
numbers will have specific features that are common to all platforms/devices. 

For security reasons, access to the software will be password protected or protected 
by another security system that allows identification of the user. Multiple passwords 
may be employed to provide limited access to certain individuals, for example 
limiting access for a family member to single use numbers with specific pre-allocated 
limits on application or maximum transaction value. 

The single use numbers are preferably stored in a secure form involving one or more 
encryption systems. It is proposed that a dual system will be employed using a 
standard protocol (e.g., DES or RSA encryption) and a specific system designed for 
credit cards as described below. 

"Brute force" decryption involves using multiple fast computers and specific 
algorithms to test large numbers of possible encryption "keys." Success can be 
determined by seeing whether the result appears in the expected format, for 
example as comprehensible English text in the case of an encrypted document. If 
the encrypted version is in an identical format to the unencrypted version (though 
with different information) then brute force decryption cannot succeed. This is not a 
computationally viable option for text but it is possible for credit cards. 

The approach is to break down each component of a credit card number and encrypt 
these with a private password so as to maintain the numerical composition of each 
component. The end result should be securely encrypted but should not represent 
another existing credit card account. This can be achieved by constraining the 
encryption system to convert the credit card header sequence used to identify the 
issuing bank (usually 4-6 digits) into a currently unused sequence. Since this 
information will be constant for all cards from the same issuer, this information 
should be randomized (rather than encrypted) to prevent recognition of a valid 
decryption solution. Once the rest of the number is decrypted by the program, the 
appropriate header sequence can be added. The remaining digits excluding the 
checksum (the last digit) are then encrypted using any private key encryption system 
that will maintain the same number of digits and produce a result that represents the 
numerals 0 to 9. The expiration date and any other identifying digits are also 
encrypted in such a manner as to respect their existing structure, i.e., the month is 
encrypted between 1 and 12 and the year is encrypted so as to represent a number 
within the next three years that ensures that the expiration date is valid. Following 
these steps, the digits used to calculate the checksum in a normal card number are 
processed to calculate a valid checksum for the encrypted card. The result is a valid 
appearing credit card number that has a valid checksum and which can be 
guaranteed not to belong to any existing credit/debit card account holder. 

For example, for a card with a 6 digit header and valid checksum, e.g., 
"1234 5678 9012 3452 expiration date of 12/99," 123456 is randomly assigned to a 
currently unused header sequence, e.g., 090234 (this is an example and does not 
necessarily represent an unused header sequence). 789012345 is encrypted into 
another 9 digit number, e.g., 209476391. 12/99 is encrypted to a valid date format 
that ensures the card is not expired, e.g., 3/00. The checksum is recalculated to 
produce a valid appearing credit card number, for this example the checksum is 4, 
i.e., 0902 3420 9476 3914 expiry 3/00. 

To decrypt this number for use or after transmission from the bank, the appropriate 
header sequence for the issuer is exchanged for the digits in the encrypted number. 
The other digits are decrypted using the private password and the checksum is 
recalculated. 

Provided that the header number is unused and the private password remains 
private, then this number is encrypted in such a way that brute force decryption 
cannot be used to determine the original number, since it will not be possible to 
determine when the correct solution has been reached. In combination with 
standard encryption systems, this allows a means to securely store credit cards and 
transmit them over insecure systems with confidence. 
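
The card-number part of the scheme described above, as an added Python sketch (not code from this document): the header is swapped for the example placeholder, the nine middle digits go through a keyed digit-preserving permutation, and the checksum is recomputed. The Feistel construction, PBKDF2 key derivation, salt and all function names are assumptions standing in for the unspecified "private key encryption system"; expiry-date handling is omitted and the output will not match the illustrative 209476391.

```python
import hashlib
import hmac

ISSUER_HEADER = "123456"  # issuer header from the worked example in the text
UNUSED_HEADER = "090234"  # stand-in "unused" header from the same example
ROUNDS = 8                # assumption: even, so the 4/5-digit split is restored
SALT = b"constructed-demo-salt"  # constructed value; use a random per-user salt


def luhn_check_digit(payload: str) -> str:
    """Return the digit that makes payload + digit pass the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # the digit next to the check digit, then every other one
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def _key(password: str) -> bytes:
    # Assumption: the "private password" is stretched into a MAC key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 20_000)


def _f(key: bytes, rnd: int, half: str, modulus: int) -> int:
    """Keyed round function: HMAC of the other half, reduced to the digit range."""
    mac = hmac.new(key, bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % modulus


def _feistel(body: str, key: bytes, decrypt: bool = False) -> str:
    """Digit-preserving Feistel permutation: n decimal digits in, n digits out."""
    a, b = body[: len(body) // 2], body[len(body) // 2:]
    if not decrypt:
        for rnd in range(ROUNDS):
            m = len(a)
            c = (int(a) + _f(key, rnd, b, 10 ** m)) % 10 ** m
            a, b = b, str(c).zfill(m)
    else:
        for rnd in reversed(range(ROUNDS)):
            m = len(b)
            prev_a = (int(b) - _f(key, rnd, a, 10 ** m)) % 10 ** m
            a, b = str(prev_a).zfill(m), a
    return a + b


def protect(card: str, password: str) -> str:
    """Encrypt a card number into another valid-looking card number."""
    digits = card.replace(" ", "")
    if not luhn_valid(digits) or not digits.startswith(ISSUER_HEADER):
        raise ValueError("not a valid card number for this issuer")
    masked = UNUSED_HEADER + _feistel(digits[6:-1], _key(password))
    return masked + luhn_check_digit(masked)


def recover(stored: str, password: str) -> str:
    """Reverse protect(): restore header, decrypt body, recompute checksum."""
    digits = stored.replace(" ", "")
    if not luhn_valid(digits) or not digits.startswith(UNUSED_HEADER):
        raise ValueError("not a protected number")
    plain = ISSUER_HEADER + _feistel(digits[6:-1], _key(password), decrypt=True)
    return plain + luhn_check_digit(plain)


def wrong_guesses_that_look_valid(stored: str, guesses) -> int:
    """Count guessed passwords whose output still passes the format check."""
    return sum(luhn_valid(recover(stored, g)) for g in guesses)


if __name__ == "__main__":
    card = "1234567890123452"  # card number from the worked example
    stored = protect(card, "correct password")
    print(stored, luhn_valid(stored))
    print(recover(stored, "correct password"))
    print(recover(stored, "wrong guess"), "also passes the checksum")
```

Every guessed password produces a checksum-valid number under the issuer header, so the output format gives no signal that a guess was right. That property does not help once candidates can be compared against a known number.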

Once the appropriate password is entered into the software, the next [...] 
form of trade that can be achieved by quoting credit card information, or directly 
transmitted via the software to the merchant. Once used, the single use number is 
removed from the stored list. The date of access, the number [...] 
digitally signed to allow for verification in the case of a disputed transaction. Each 
access to a single use number requires the entry of a password to prevent 
unauthorized access if the customer leaves his software/computer device 
unattended and active. 

[...] card numbers. The software can be launched either on its own or activated by an 
icon integrated into an Internet browser. (Step 602). The software can provide a 
[...] and/or ATMs. The software can be programmed using Java code or a Java 
core embedded in a c/c++ application or equivalent programming language. 

Once launched the user puts in one password to gain access to the main screen 
which contains a keypad to allow a PIN to be inputted either by keyboard or by 
mouse clicks. (Step 604). The latter protects against any covert attempts to record 
[...] 
numbers. After the correct PIN is entered, the user can select a new limited-use 
[...] 606). A new limited-use number is then displayed on the graphical interface. The 
software can provide secure access to encrypted credit card numbers that are 
stored on a computer's hard disk. (Step 608). These numbers can be accessed for 
[...] or for use over the phone/mail order. (Step 610). The numbers 
must be able to be inserted directly into a web page (Step 612), or printed 
out/copied from screen for use in other ways. (Step 614). The limited-use number 
can be copied, printed, pasted via the clipboard (or equivalent) or 
dragged-and-dropped on to a web page. The length of time a number is displayed 
[...] 
comment to provide further information about how a number was to be applied. 
[...] automated transactions, the software should ideally be able to intercept and respond 
to merchant server initiated signals activating integrated functions within the 
browser. 



Once a number has been accessed, it can be deleted from the encrypted lists. 
(Step 616). The date, number, current URL in the case of Web use and any user 
comments are then stored by a separate form of encryption to facilitate audit/review. 
(Step 618). The user can review, but not edit this information. 

There should be a facility for downloading additional numbers either from additional 
floppies or via the Internet using high security protocols. (Step 620). The latter 
function can be performed by a separate program. 

The program should include a maximal degree of transparent security features, [...] 
use numbers should either be stored [...] 
also stores encrypted copies of the machine specific information. This 
is required to ensure that the numbers can only be accessed on the machine on 
which the software was first installed. The data files should also be stored as hidden 
system files. 

Some users may wish to have the equivalent of an electronic wallet that can be 
de-installed from one computer and reinserted on another, for example when 
transferring a "wallet" from an office to a home machine. [...] 
ensures that only one version of the program is running at any one time and that no 
problems arise in terms of reconciling lists of used numbers. Appropriate security 
mechanisms can be implemented to identify the valid user. 

Encryption of limited-use numbers should involve two levels. At the first level, the 
numbers are encrypted using an algorithm that acts only to alter the free digits 
within the credit card. The header sequence (i.e. bin number) is left unaltered or 
[...] into an unused bin number [...] 
any form of brute decryption because there will be no way of telling when the correct 
algorithm has been selected since each number starts and ends up as a valid 
[...] 
bin number reinserted. 

Limited-use numbers can be issued [...] 

process will allow the program to be installed [...] 
^«^-*«— ^, 9donltieho5tMmpule , 

» rzr--.-=:-r.i > 

to limited-use numbers. 

[...] software can also provide a log of previously accessed numbers, the date, 

[...] link Internet access to the card number issuer's web site. 
T - ..„n..«innote-"""nsactlon 

,. B *-«-*--«-*" , " , *" a,,,, "?T 

[...] way as at present. The merchant 



including some or all of the following: 



Verify that the limited-use number is valid. 

Verify that the transaction falls within limitations placed on the specific 
number. 

In the case of a limited-use number [...] 
transaction falls within limits acceptable for the associated account. 

Provide authorization to the merchant if valid and within the limitations for 
specified number and associated account. 

[...] same merchant that obtained pre-authorization for the same 
account. 

7) [...] 
an invalidated limited-use number. 

8) [...] 
limitations on use are met or exceeded by a specific transaction. 

9) Maintain list of [...] 
returned or faulty goods for a defined period. 

10) [...] 
account. 

11) Transmit reports of limited-use and other card transactions to the user by 
post or e-mail. 

12) Instigate payment to merchant for approved transactions. 

13) Instigate reimbursement to account holder in case of a refund. 

14) Invoice account holder for payment for charges incurred or arrange 
settlement via another account. 

required changes. 

of the limited-use number, it is authorized. 

used. 

same merchant must be allowed. 

card transaction. 

handled in the same manner. 

the database of valid account numbers. 

customer account details are stored together for audit purposes and the value of the 
transaction is added to the customer's account for billing. 

The software for storing transaction [...] 

to allow for both the customer's conventional account details and the limited-use 
number transaction details to be reported. 

[...] variety of ways. The authorization and settlement process can be completed 

commonly done in existing credit card systems. 
[...] processing system, the above functions can be implemented [...] 

transaction. 

In the case where the above functions have to be integrated into existing systems 

add steps to the processing chain that is encountered as soon as a 
credit/debit/charge card number is received from a merchant. 

software system determines whether the number is a limited-use number or a 
conventional card number. (Step 704). If the number is a conventional card 
number it is passed on unchanged into the processing system and can be handled 
by existing systems with no modification. (Step 706). The merchant receives 

numbers. Merchant reimbursement is similarly unaffected. (Step 708). 

[...] Once the master account number is 

(Step 718) [...] the criteria for [...] 

(Step 718) [...] then the limited-use number is invalidated for all future 

[...] and master account number are then transmitted for inclusion in a 
database to allow for tracking of transaction details and billing of the user. These 
[...] be performed before an authorization is issued but [...] 

completed afterwards. (Step 720). 

[...] restrictions and geographical limitations [...] 
master credit card need not be passed on for further processing. In the case of 

expiry date) are checked for each limited-use transaction. 

Specific fraud detection mechanisms can also be incorporated into the software. 

[...] transaction can be flagged as potentially fraudulent and 

Repeated attempts to authorize invalid numbers from a single merchant or 

appropriate fraud management measures. 

[...] requires the least modification of existing systems but may take 
numbers and master credit card numbers. 

Fig. 8 is a flowchart illustrating another exemplary process for processing a 
[...] 802 a software system receives transaction details from a 

[...] account or means of settlement and [...] 
information to identify the associated limited-use numbers 

[...] without identifying the associated account number. 

[...] the associated account needs to be 

For settlement and billing purposes (step 812), the associated 

[...] 

[...] in the limited-use card [...] master account changes can be 
performed outside the authorisation process (i.e. "off-line"). 

[...] in both [...] and detail. For instance, the invention has been 
purchase disposable credit cards, [...] 

such as either directly in a face-to-face transaction or by post. 

multiple use. It is, however, envisaged [...] 

advantages for the credit card providers. 
[...] of the credit card numbers 
[...] where the card holder [...] 



PCT/IE99/00016 



WO 99/49424 



[...] 
[...] Since this identification does not need to be handled by 

this purpose. 

numbers to the master credit card [...] 
as a PIN number. (Step 914). 

[...] first and then the associated account identified second by [...] 

account can be uniquely identified. 

[...] these examples should not be construed as limitations. Not only can 

[...] for other computer network [...] Thus, the present 
invention is not limited to the disclosed embodiments but is to be accorded the 

widest scope consistent with the claims below. 

CLAIMS 



[...] A credit card system of the type comprising [...] 

[...] of said limited-use credit card number [...] 

A credit card system as claimed in claim 1, further comprising 

means (206) for receiving notification that said limited-use credit card 
number has been used in a credit card transaction; 
[...] 

means for deactivating said limited-use credit card number if said limited-use 
event has occurred. 

3. A credit card system as claimed in claim 2, wherein said limited-use event is 
satisfied when said limited-use credit card (126) is used only once. 

A credit card system [...] 

[...] limited-use credit card [...] is used [...] 

which are greater than a prescribed monetary amount 

[...] 

[...] command, and associates said other limited-use credit card number 
(126) with said master credit card number. 

request. 

credit card number from said queue. 
(126) to a user. 

telecommunications system (112). 

[...] in which the transmission means 

[...] 

number is distributed on a card comprising an opaque removable [...] 

14. [...] 

the card comprising a scratch-off removable cover. 

[...] in which said credit card number is on 
15. A credit card system as claimed in claim 13, in which said [...] 
an individualised card that is removed from a first compartment and subsequently 
disposed of in a second compartment. 

[...] means for dispensing [...] 

limited-use credit card number to a user. 

17. A credit card system as claimed in claim 16, wherein said dispensing means 
comprises an automated teller machine (112). 

18. A credit card system as claimed in claim 16 or 17, wherein said dispensing means 
comprises a printing means for [...] 
card number for delivery to said user. 

19. [...] 

assigning credit card numbers includes:- 

a database (302) of credit card numbers which share identical formatting; 
and 

a credit card number allocator that can allocate at least one additional credit 
card number (312) from said database to said master credit card number. 

A credit card as claimed in claim 19, wherein said system allocates credit card 
numbers sequentially to a queue of master credit card numbers. 

21. A credit card system as claimed [...] 

a white noise generator to provide random numbers as credit card numbers. 

22. A credit card system as claimed in any of claims 19 to 21, said system further 
comprising an analog to digital converter for random number generation from a 
random physical system. 

24. 

25. 

[...] 
A credit card system as claimed in claim 24, [...] 

numbers (302). 

A credit card system as claimed in claim 25, wherein said [...] 
card numbers (302) after it is selected. 

use-triggered condition subsequent. 

[...] A credit card system as claimed in any of claims 19 to 27, wherein said system 

[...] 

issued and valid numbers after a [...] 

A credit card system as claimed in any preceding claim, in which there are 
credit card number comprising:- 

a database of credit card numbers which share identical formatting; 
a database (406) of conditions; 

[...] 
card number (402) from said database of credit card numbers to be 

master credit card number. 

number (402) from said database of credit card numbers to said master 
credit card number, and 

a condition allocator that can allocate at least one condition (404) to said 
credit card number and store said condition in said database of 
conditions (406), said condition (404) limiting the use of said credit card 
number (402). 

32. A credit card system as claimed in claim 31, wherein said system checks said 
condition (404) when said credit card number (402) is used. 

33. A credit card system as claimed in claim 31 or 32, wherein said condition (404) 
allocated to said credit card number can be updated (408). 

34. A credit card system as claimed in any of claims 31 to 33, wherein said credit 
card number [...] reflects said conditions (404) allocated to said credit card 
number. 

35. A credit card system as claimed in any of claims 31 to 34 in which the said 
database (406) of conditions comprises transaction value conditions, [...] 

[...] conditions, number of transactions conditions, frequency of 
transactions conditions, and purpose conditions. 

[...] card number (126) is limited to a particular merchant. 

37. 



38. 

39. 

value for a single purpose. 

transaction value within a set time, 
card number (126) is limited to a single purpose. 

value. 

[...] A credit card system as claimed in any preceding claim comprising [...] 

a database of credit card numbers (124) which share identical 
formatting; 

a master credit card number selector that can select [...] 
[...] number from said database to be a master credit card number; 

a credit card number allocator that can allocate at least one credit card 
number from said database to said master credit card number. 

a master credit card computer (102), said master credit card computer 
and said credit card number allocator interconnected by a computer 
network. 

card computer (102) via said computer network. 

46. 

47. 

[...] computer (102) [...] 
(608). 

computer (102) decrypts one of said encrypted credit card [...] 
provide a decrypted credit card number. 

(608) when said decrypted credit card number is used. 

card numbers is used. 

credit card computer (102) via said computer network, 
computer network to said merchant computer (102). 

computer network to said merchant computer, 
[...] without ever knowing said master credit card number. 

50. 

51. 



52. 

53. 

A credit card system as claimed in claim 50, in which the system further 
comprises a list of valid credit card numbers and conditions for each. 

A credit card system as claimed in claim 51, in which the system includes 
[...] said credit card number from said list of valid credit 
card numbers after a use-triggered condition subsequent (206). 

A credit card system as claimed in claim 52, in which there is provided means 
[...] said credit card number (210) is removed from said list of valid [...] 
numbers. 

[...] A credit card system as claimed in any of claims 50 to [...] maintaining 
numbers. 

55. A credit card system as claimed in claim 54 in which the second list is used in 
the case of returned goods. 

56. A credit card system as claimed in claim 54 or 55 in which the second list is 
used to detect fraud. 

57. A credit card system as claimed in any preceding claim, in which the system 
provides means for accessing account information, [...] system comprising [...] 

a database of credit card numbers (902) which share identical 
formatting; 

a master credit card number selector that can select at least one credit 
card number from said database (902) to be a master credit card 
number (904); 

a credit card number allocator that can allocate at least one credit card 
number (908) from said database (902) to said master credit card 
number; 

an account information provider [...] 
said credit card number as a personal identification number (912) to 
access account information for said master credit card number (904). 

program for the system. 
59. A credit card system as claimed in any preceding claim, in which physical 
for carrying out the system. 

maintaining a pool of credit card numbers (302) which share identical 
formatting; 

assigning at least one credit card number from said pool of credit card 
numbers to be a master credit card number (304); 

assigning at least one credit card number from said pool of credit card 
numbers to be a limited-use credit card number (308) which is 
deactivated upon a use-triggered condition subsequent; and 

associating said master credit card number (304) with said limited-use 
credit card number (308), while ensuring that said master credit card 
number cannot be discovered on the basis of said limited-use credit 
card number. 

61. A credit card system for performing a credit card transaction characterised in 
[...] based on one of a master credit card number or a limited-use credit 
[...] respect to said master credit card number, but said limited-use credit card 
to generate a transaction message; 

processing means for [...] 
processing said transaction, including:- 

means for authorising (706) or denying (712) said transaction; 

means (718) for determining whether to deactivate [...] 
limited-use credit card number when said limited-use credit card 

a deactivation command in response thereto [...] 
means for determining whether to deactivate [...] 
credit card number determines [...] 

occurred, and if so, generates said deactivation command when 
said limited-use event has occurred; and 

means for deactivating the limited-use credit card number based 
on the deactivation command. 
[...] A credit card system as claimed in claim 61, wherein said limited-use event [...] 
[...] limited-use credit card [...] only once. 

[...] or 62 wherein said limited-use 

[...] charges which are greater than a prescribed monetary amount 

[...] 
mathematical relationship with respect to said master credit card number, but 
said limited-use credit card number (704) includes identical formatting to said 
master credit card number and is associated with said master credit card 
number, said system comprising:- 

entering a transaction on the basis of said master credit card number or 
said limited-use credit card number (704) to generate a transaction 
message; 

receiving said transaction message and processing said transaction, 
including: 

authorising (706) or denying (712) said transaction; 

determining (718) whether to deactivate the limited-use credit 
card number when said limited-use credit card number was used 
to perform the transaction, and generating a deactivation 
command in response thereto, wherein said 

determining (718) step determines whether to deactivate the limited-use 
credit card number (704) based on whether a limited-use event 
pertaining to the use of the limited-use credit card number (704) has 
occurred, and if so, generates said deactivation command when said 
limited-use event has occurred; and 

deactivating the limited-use credit card number (704) based on the 
deactivation command. 